mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 03:52:49 +01:00
merge bitcoin#18565: Add fuzzing harnesses for classes/functions in checkqueue.h and cuckoocache.h. Add fuzzing coverage.
This commit is contained in:
parent
ee7e37ae01
commit
d016ccd065
@ -5,6 +5,7 @@
|
||||
|
||||
|
||||
FUZZ_TARGETS = \
|
||||
test/fuzz/addition_overflow \
|
||||
test/fuzz/addr_info_deserialize \
|
||||
test/fuzz/addrdb \
|
||||
test/fuzz/address_deserialize \
|
||||
@ -29,7 +30,9 @@ FUZZ_TARGETS = \
|
||||
test/fuzz/blockundo_deserialize \
|
||||
test/fuzz/bloom_filter \
|
||||
test/fuzz/bloomfilter_deserialize \
|
||||
test/fuzz/checkqueue \
|
||||
test/fuzz/coins_deserialize \
|
||||
test/fuzz/cuckoocache \
|
||||
test/fuzz/decode_tx \
|
||||
test/fuzz/descriptor_parse \
|
||||
test/fuzz/diskblockindex_deserialize \
|
||||
@ -289,6 +292,12 @@ test_test_dash_LDADD += $(LIBBITCOIN_ZMQ) $(ZMQ_LIBS)
|
||||
endif
|
||||
|
||||
if ENABLE_FUZZ
|
||||
test_fuzz_addition_overflow_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
|
||||
test_fuzz_addition_overflow_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
|
||||
test_fuzz_addition_overflow_LDADD = $(FUZZ_SUITE_LD_COMMON)
|
||||
test_fuzz_addition_overflow_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
|
||||
test_fuzz_addition_overflow_SOURCES = $(FUZZ_SUITE) test/fuzz/addition_overflow.cpp
|
||||
|
||||
test_fuzz_addr_info_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DADDR_INFO_DESERIALIZE=1
|
||||
test_fuzz_addr_info_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
|
||||
test_fuzz_addr_info_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
|
||||
@ -433,12 +442,24 @@ test_fuzz_bloomfilter_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
|
||||
test_fuzz_bloomfilter_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
|
||||
test_fuzz_bloomfilter_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
|
||||
|
||||
test_fuzz_checkqueue_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
|
||||
test_fuzz_checkqueue_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
|
||||
test_fuzz_checkqueue_LDADD = $(FUZZ_SUITE_LD_COMMON)
|
||||
test_fuzz_checkqueue_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
|
||||
test_fuzz_checkqueue_SOURCES = $(FUZZ_SUITE) test/fuzz/checkqueue.cpp
|
||||
|
||||
test_fuzz_coins_deserialize_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES) -DCOINS_DESERIALIZE=1
|
||||
test_fuzz_coins_deserialize_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
|
||||
test_fuzz_coins_deserialize_LDADD = $(FUZZ_SUITE_LD_COMMON)
|
||||
test_fuzz_coins_deserialize_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
|
||||
test_fuzz_coins_deserialize_SOURCES = $(FUZZ_SUITE) test/fuzz/deserialize.cpp
|
||||
|
||||
test_fuzz_cuckoocache_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
|
||||
test_fuzz_cuckoocache_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
|
||||
test_fuzz_cuckoocache_LDADD = $(FUZZ_SUITE_LD_COMMON)
|
||||
test_fuzz_cuckoocache_LDFLAGS = $(RELDFLAGS) $(AM_LDFLAGS) $(LIBTOOL_APP_LDFLAGS) $(LDFLAGS_WRAP_EXCEPTIONS)
|
||||
test_fuzz_cuckoocache_SOURCES = $(FUZZ_SUITE) test/fuzz/cuckoocache.cpp
|
||||
|
||||
test_fuzz_decode_tx_CPPFLAGS = $(AM_CPPFLAGS) $(BITCOIN_INCLUDES)
|
||||
test_fuzz_decode_tx_CXXFLAGS = $(AM_CXXFLAGS) $(PIE_FLAGS)
|
||||
test_fuzz_decode_tx_LDADD = $(FUZZ_SUITE_LD_COMMON)
|
||||
|
55
src/test/fuzz/addition_overflow.cpp
Normal file
55
src/test/fuzz/addition_overflow.cpp
Normal file
@ -0,0 +1,55 @@
|
||||
// Copyright (c) 2020 The Bitcoin Core developers
|
||||
// Distributed under the MIT software license, see the accompanying
|
||||
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
|
||||
#include <test/fuzz/FuzzedDataProvider.h>
|
||||
#include <test/fuzz/fuzz.h>
|
||||
#include <test/fuzz/util.h>
|
||||
|
||||
#include <cstdint>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
#if defined(__has_builtin)
|
||||
#if __has_builtin(__builtin_add_overflow)
|
||||
#define HAVE_BUILTIN_ADD_OVERFLOW
|
||||
#endif
|
||||
#elif defined(__GNUC__) && (__GNUC__ >= 5)
|
||||
#define HAVE_BUILTIN_ADD_OVERFLOW
|
||||
#endif
|
||||
|
||||
namespace {
|
||||
template <typename T>
|
||||
void TestAdditionOverflow(FuzzedDataProvider& fuzzed_data_provider)
|
||||
{
|
||||
const T i = fuzzed_data_provider.ConsumeIntegral<T>();
|
||||
const T j = fuzzed_data_provider.ConsumeIntegral<T>();
|
||||
const bool is_addition_overflow_custom = AdditionOverflow(i, j);
|
||||
#if defined(HAVE_BUILTIN_ADD_OVERFLOW)
|
||||
T result_builtin;
|
||||
const bool is_addition_overflow_builtin = __builtin_add_overflow(i, j, &result_builtin);
|
||||
assert(is_addition_overflow_custom == is_addition_overflow_builtin);
|
||||
if (!is_addition_overflow_custom) {
|
||||
assert(i + j == result_builtin);
|
||||
}
|
||||
#else
|
||||
if (!is_addition_overflow_custom) {
|
||||
(void)(i + j);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
} // namespace
|
||||
|
||||
void test_one_input(const std::vector<uint8_t>& buffer)
|
||||
{
|
||||
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
|
||||
TestAdditionOverflow<int64_t>(fuzzed_data_provider);
|
||||
TestAdditionOverflow<uint64_t>(fuzzed_data_provider);
|
||||
TestAdditionOverflow<int32_t>(fuzzed_data_provider);
|
||||
TestAdditionOverflow<uint32_t>(fuzzed_data_provider);
|
||||
TestAdditionOverflow<int16_t>(fuzzed_data_provider);
|
||||
TestAdditionOverflow<uint16_t>(fuzzed_data_provider);
|
||||
TestAdditionOverflow<char>(fuzzed_data_provider);
|
||||
TestAdditionOverflow<unsigned char>(fuzzed_data_provider);
|
||||
TestAdditionOverflow<signed char>(fuzzed_data_provider);
|
||||
}
|
65
src/test/fuzz/checkqueue.cpp
Normal file
65
src/test/fuzz/checkqueue.cpp
Normal file
@ -0,0 +1,65 @@
|
||||
// Copyright (c) 2020 The Bitcoin Core developers
|
||||
// Distributed under the MIT software license, see the accompanying
|
||||
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
|
||||
#include <checkqueue.h>
|
||||
#include <optional.h>
|
||||
#include <test/fuzz/FuzzedDataProvider.h>
|
||||
#include <test/fuzz/fuzz.h>
|
||||
#include <test/fuzz/util.h>
|
||||
|
||||
#include <cstdint>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
namespace {
|
||||
struct DumbCheck {
|
||||
const bool result = false;
|
||||
|
||||
DumbCheck() = default;
|
||||
|
||||
explicit DumbCheck(const bool _result) : result(_result)
|
||||
{
|
||||
}
|
||||
|
||||
bool operator()() const
|
||||
{
|
||||
return result;
|
||||
}
|
||||
|
||||
void swap(DumbCheck& x)
|
||||
{
|
||||
}
|
||||
};
|
||||
} // namespace
|
||||
|
||||
void test_one_input(const std::vector<uint8_t>& buffer)
|
||||
{
|
||||
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
|
||||
|
||||
const unsigned int batch_size = fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(0, 1024);
|
||||
CCheckQueue<DumbCheck> check_queue_1{batch_size};
|
||||
CCheckQueue<DumbCheck> check_queue_2{batch_size};
|
||||
std::vector<DumbCheck> checks_1;
|
||||
std::vector<DumbCheck> checks_2;
|
||||
const int size = fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 1024);
|
||||
for (int i = 0; i < size; ++i) {
|
||||
const bool result = fuzzed_data_provider.ConsumeBool();
|
||||
checks_1.emplace_back(result);
|
||||
checks_2.emplace_back(result);
|
||||
}
|
||||
if (fuzzed_data_provider.ConsumeBool()) {
|
||||
check_queue_1.Add(checks_1);
|
||||
}
|
||||
if (fuzzed_data_provider.ConsumeBool()) {
|
||||
(void)check_queue_1.Wait();
|
||||
}
|
||||
|
||||
CCheckQueueControl<DumbCheck> check_queue_control{&check_queue_2};
|
||||
if (fuzzed_data_provider.ConsumeBool()) {
|
||||
check_queue_control.Add(checks_2);
|
||||
}
|
||||
if (fuzzed_data_provider.ConsumeBool()) {
|
||||
(void)check_queue_control.Wait();
|
||||
}
|
||||
}
|
49
src/test/fuzz/cuckoocache.cpp
Normal file
49
src/test/fuzz/cuckoocache.cpp
Normal file
@ -0,0 +1,49 @@
|
||||
// Copyright (c) 2020 The Bitcoin Core developers
|
||||
// Distributed under the MIT software license, see the accompanying
|
||||
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||
|
||||
#include <cuckoocache.h>
|
||||
#include <optional.h>
|
||||
#include <script/sigcache.h>
|
||||
#include <test/fuzz/FuzzedDataProvider.h>
|
||||
#include <test/fuzz/fuzz.h>
|
||||
#include <test/fuzz/util.h>
|
||||
#include <test/util/setup_common.h>
|
||||
|
||||
#include <cstdint>
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
namespace {
|
||||
FuzzedDataProvider* fuzzed_data_provider_ptr = nullptr;
|
||||
|
||||
struct RandomHasher {
|
||||
template <uint8_t>
|
||||
uint32_t operator()(const bool& /* unused */) const
|
||||
{
|
||||
assert(fuzzed_data_provider_ptr != nullptr);
|
||||
return fuzzed_data_provider_ptr->ConsumeIntegral<uint32_t>();
|
||||
}
|
||||
};
|
||||
} // namespace
|
||||
|
||||
void test_one_input(const std::vector<uint8_t>& buffer)
|
||||
{
|
||||
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
|
||||
fuzzed_data_provider_ptr = &fuzzed_data_provider;
|
||||
CuckooCache::cache<bool, RandomHasher> cuckoo_cache{};
|
||||
if (fuzzed_data_provider.ConsumeBool()) {
|
||||
const size_t megabytes = fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 16);
|
||||
cuckoo_cache.setup_bytes(megabytes << 20);
|
||||
} else {
|
||||
cuckoo_cache.setup(fuzzed_data_provider.ConsumeIntegralInRange<uint32_t>(0, 4096));
|
||||
}
|
||||
while (fuzzed_data_provider.ConsumeBool()) {
|
||||
if (fuzzed_data_provider.ConsumeBool()) {
|
||||
cuckoo_cache.insert(fuzzed_data_provider.ConsumeBool());
|
||||
} else {
|
||||
cuckoo_cache.contains(fuzzed_data_provider.ConsumeBool(), fuzzed_data_provider.ConsumeBool());
|
||||
}
|
||||
}
|
||||
fuzzed_data_provider_ptr = nullptr;
|
||||
}
|
@ -22,6 +22,7 @@
|
||||
#include <streams.h>
|
||||
#include <test/fuzz/FuzzedDataProvider.h>
|
||||
#include <test/fuzz/fuzz.h>
|
||||
#include <test/fuzz/util.h>
|
||||
#include <time.h>
|
||||
#include <uint256.h>
|
||||
#include <util/moneystr.h>
|
||||
@ -33,6 +34,7 @@
|
||||
#include <cassert>
|
||||
#include <chrono>
|
||||
#include <limits>
|
||||
#include <set>
|
||||
#include <vector>
|
||||
|
||||
void initialize()
|
||||
@ -81,8 +83,12 @@ void test_one_input(const std::vector<uint8_t>& buffer)
|
||||
}
|
||||
(void)GetSizeOfCompactSize(u64);
|
||||
(void)GetSpecialScriptSize(u32);
|
||||
// (void)GetVirtualTransactionSize(i64, i64); // function defined only for a subset of int64_t inputs
|
||||
// (void)GetVirtualTransactionSize(i64, i64, u32); // function defined only for a subset of int64_t/uint32_t inputs
|
||||
if (!MultiplicationOverflow(i64, static_cast<int64_t>(::nBytesPerSigOp)) && !AdditionOverflow(i64 * ::nBytesPerSigOp, static_cast<int64_t>(4))) {
|
||||
(void)GetVirtualTransactionSize(i64, i64);
|
||||
}
|
||||
if (!MultiplicationOverflow(i64, static_cast<int64_t>(u32)) && !AdditionOverflow(i64, static_cast<int64_t>(4)) && !AdditionOverflow(i64 * u32, static_cast<int64_t>(4))) {
|
||||
(void)GetVirtualTransactionSize(i64, i64, u32);
|
||||
}
|
||||
(void)HexDigit(ch);
|
||||
(void)MoneyRange(i64);
|
||||
(void)i64tostr(i64);
|
||||
@ -101,6 +107,12 @@ void test_one_input(const std::vector<uint8_t>& buffer)
|
||||
(void)memusage::DynamicUsage(u8);
|
||||
const unsigned char uch = static_cast<unsigned char>(u8);
|
||||
(void)memusage::DynamicUsage(uch);
|
||||
{
|
||||
const std::set<int64_t> i64s{i64, static_cast<int64_t>(u64)};
|
||||
const size_t dynamic_usage = memusage::DynamicUsage(i64s);
|
||||
const size_t incremental_dynamic_usage = memusage::IncrementalDynamicUsage(i64s);
|
||||
assert(dynamic_usage == incremental_dynamic_usage * i64s.size());
|
||||
}
|
||||
(void)MillisToTimeval(i64);
|
||||
const double d = ser_uint64_to_double(u64);
|
||||
assert(ser_double_to_uint64(d) == u64);
|
||||
|
@ -121,4 +121,15 @@ template <typename T>
|
||||
}
|
||||
}
|
||||
|
||||
template <class T>
|
||||
[[ nodiscard ]] bool AdditionOverflow(const T i, const T j) noexcept
|
||||
{
|
||||
static_assert(std::is_integral<T>::value, "Integral required.");
|
||||
if (std::numeric_limits<T>::is_signed) {
|
||||
return (i > 0 && j > std::numeric_limits<T>::max() - i) ||
|
||||
(i < 0 && j < std::numeric_limits<T>::min() - i);
|
||||
}
|
||||
return std::numeric_limits<T>::max() - i < j;
|
||||
}
|
||||
|
||||
#endif // BITCOIN_TEST_FUZZ_UTIL_H
|
||||
|
Loading…
Reference in New Issue
Block a user